Search Head Deployer create .splunk folder in home directory

vicvaughan
Explorer

When pushing a shcluster bundle as our sudo splunk user, I got the following message:

Can't create directory "/home//.splunk": Permission denied

I was able to mod the directory so it could create .splunk, but my question is why is it creating that in my home folder?

(I was not in my home folder when the push command was run and I was using the absolute path to the bundle push command)

Thanks, all!

0 Karma
1 Solution

masonmorales
Influencer

When you run a Splunk command that requires authentication, Splunk creates an auth token in ~/.splunk on whichever user you ran the command on. The token contains a username and session key that Splunk uses to re-authenticate itself in case you need to run additional CLI commands. This is usually not a problem if you run Splunk CLI commands from the same user that Splunk runs as.

0 Karma

jaihingorani
Path Finder

Are there any security-related concerns due to this, as this file contains the authToken? Can this be misused in any possible way?

0 Karma
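
Since the thread describes a session key being cached under `~/.splunk`, here is an added example (not from the thread or from Splunk) of a check that reports any `~/.splunk` directory, or file inside it, that is accessible to group or other or is not owned by the home directory's owner. The function name is hypothetical, and the script assumes GNU `stat` and home directories located directly under the root passed as the first argument.

```shell
#!/bin/sh
# Added example: audit per-user ~/.splunk directories for loose permissions.
# Assumptions: GNU stat (-c), homes directly under $1 (default /home).
# Output, one finding per line: "<octal mode> <owner uid> <path> <reason>"

audit_splunk_dirs() (
    home_root="${1:-/home}"
    for dir in "$home_root"/*/.splunk; do
        [ -d "$dir" ] || continue            # skip an unmatched glob
        home_uid=$(stat -c '%u' "${dir%/.splunk}")
        # Check the directory itself and every entry directly inside it.
        for f in "$dir" "$dir"/*; do
            [ -e "$f" ] || continue
            mode=$(stat -c '%a' "$f")
            uid=$(stat -c '%u' "$f")
            # Any group/other bit lets another local account reach the
            # cached credentials.
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                printf '%s %s %s group-or-other-access\n' "$mode" "$uid" "$f"
            fi
            # A different owner usually means the CLI was run through
            # sudo or su with this user's HOME still set.
            if [ "$uid" != "$home_uid" ]; then
                printf '%s %s %s owner-mismatch\n' "$mode" "$uid" "$f"
            fi
        done
    done
    return 0
)

# Run the audit only when a home root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_splunk_dirs "$1"
fi
```

Run it as a user that can read every home directory; entries it cannot see are silently skipped.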